New Delhi:
Cyber-criminals have allegedly stolen data of thousands of Indians, including health workers, from a government server (that has even been indexed in Google Search).
The data leak allegedly happened on the CoWin portal, which is used for vaccination.
The data, including names, PAN and Aadhaar card numbers, mobile informations, addresses and Covid test results, of over 20,000 Indians are available on the Raid Forums website on the Dark Web, and the hacker claims that they are directly coming from a government CDN (content delivery network) server.
“PII including Name, MOB, PAN, Address etc of #Covid19 #RTPCR results & #Cowin data getting public through a Govt CDN. #Google indexed almost 9 Lac public/private #GovtDocuments in search engines. Patient’s data is now listed on #DarkWeb. Need fast deindex (sic),” cyber security researcher Rajshekhar Rajaharia Rajaharia said in a tweet.
The same documents are also available freely on Google Search as “List of Beneficiaries Enrolled for Covid Vaccine” with keywords like RT-PCR results.
The IT Ministry or the Indian Computer Emergency Response Team (CERT-IN) is yet to react to the alleged leak.
“I am not reporting any #Vulnerability here. I am asking people to #Beware for any Fraud #calls/#offers/#treatment etc related to pre/post #Covid19. The data is already up for sale on a #DarkWeb Forum (sic),” Rajaharia said in another tweet.
Last year, the Health Ministry and security researchers had denied the breach of Covid-19 vaccination data of 150 million Indians, after news of the hack spread online. IANS